SEARCH
All Articles
Government Officials Warn of Potential Iranian Cyberattacks
The Iranian government has a lot of options to consider in its response after the United States military killed Qassem Soleimani, the chief of Iran’s Quds Force. Government officials in the United States are warning organizations that cyberattacks are possible, and to step up monitoring.
Firefox to Allow Users to Delete Telemetry Data
As CCPA goes into effect, Mozilla is making a change that will allow people to request the deletion of any telemetry data collected by Firefox.
CISA Seeks Comments on How Government Should Handle Vulnerability Reports
There is still time for security professionals in and out of government to weigh in on CISA's soon-to-be-released directive on how federal agencies should handle vulnerability reports.
Microsoft Targets North Korean Hackers in Domain Takedown
Microsoft took over 50 domains used by threat actors known as Thallium, which the company says are operating from North Korea.
Drupal Patches Arbitrary File Upload Flaw
Drupal has released fixes for a file-upload flaw that could lead to remote code execution.
Apple Opens Up Bug Bounty Program
Apple has opened its bug bounty program up to the broad research community, offering payments of up to $1.5 million.
BeyondProd Lays Out Security Principles for Cloud-Native Applications
First, it was Beyond Corp, to shift security away from the perimeter and onto individual users and devices. Now it is BeyondProd, to apply zero-trust principles to cloud-native applications and workloads that rely on microservices and communicate primarily over APIs.
Google to Pay for Security Upgrades in Open Source Projects
Google is amending its patch reward program to provide up-front financial support for open source projects that need money to make security improvements.
Deciphering Die Hard
Zoe Lindsey, Pete Baker, and Dennis Fisher dive into Doe Hard, a modern classic with some interesting security lessons.
Google to Restrict App Access to G Suite Accounts
Google will limit the ability of LSA to access G Suite accounts starting in June, to protect users from account hijacking attempts. The change is to encourage using apps that rely on OAuth 2.0.
New Tactics Emerge as Phishing Evolves
Recent phishing campaigns uncovered by Microsoft are using custom 404 error pages and search result poisoning to fool victims.
Decipher Podcast: Kelly Shortridge
Kelly Shortridge of Capsule8 joins Dennis Fisher to discuss the idea of accepting some level of ransomware attacks as necessary and working toward an economic equilibrium with the attackers.
Mozilla to Require 2FA for Add-On Developers
Mozilla will soon require add-on developers to enable 2FA for their accounts in an effort to defeat supply chain attacks.
Time, Not Money, Kills Bugs
The measure of a bug bounty program's success is not how much researchers were paid, but how the organization handled the volume of new reports. GitLab's James Ritchey share some of the lessons learned in the company's first year of the public bug bounty program.
Microsoft Fixes Windows Bug Under Active Attack
Microsoft patched CVE-2019-1458 in Windows, a privilege escalation bug that is being used in active attacks.